undefined | Better HN

0 pointsChristianBundy8y ago0 comments

> If they had an actual root CA with a private key, that private key could be compromised and used to authenticate malware or pull of a man in the middle attack on an HTTPS site.

If they had an actual root CA with a private key, they'd sign it locally (on the company machine). In no scenario would the company's private key be given to a customer (unless we're talking about Adobe).

0 comments

4 comments · 1 top-level

varenc8y ago· 3 in thread

Yes, that's the ideal case...

But what do you want to do more?

1) Trust some company to keep a very important private key secure for a long time? (with attackers knowing it's a single high-value target)

2) Or be confident that the private key was used once and destroyed forever? Even if the private key generated on your device could be recovered it would only be good for an attack against you making it a lower priority to attackers.

dec0dedab0de8y ago

Or be confident that the private key was used once and destroyed forever? Even if the private key generated on your device could be recovered it would only be good for an attack against you making it a lower priority to attackers.

Doing it that way completely undermines the reason for having a cert in the first place. You might as well not have one at all.

usrusr8y ago

The difference is that with the on the fly cert, you blindly trust one piece of code, at one point in time, and when it did not lie to you then you will be safe from it later. A conventional cert owner on the other hand could theoretically turn on you any time (e.g. when ownership multiplies into pwnership) once "automatic trust" for the next binary is established.

I'd still prefer the latter, given reasonable standards in terms of key handling, but the one-time trust is not completely without merit. It would certainly be more reasonable though to just allow one-time blind trust without forcing the installer to create a certificate that may or may not be as private as advertised.

ComodoHacker8y ago

There's a difference. With auto-generated root certs you can't just steal one private key, sign your malware with it and push it to all users of the original software.

j / k navigate · click thread line to collapse